US9298902B2 - System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record - Google Patents

System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record Download PDF

Info

Publication number
US9298902B2
US9298902B2 US12370350 US37035009A US9298902B2 US 9298902 B2 US9298902 B2 US 9298902B2 US 12370350 US12370350 US 12370350 US 37035009 A US37035009 A US 37035009A US 9298902 B2 US9298902 B2 US 9298902B2
Authority
US
Grant status
Grant
Patent type
Prior art keywords
biometric
reference template
biometric reference
cancelable
base
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12370350
Other versions
US20100205660A1 (en )
Inventor
Phillip H. Griffin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

A system, method and program product for recording the creation of a cancelable biometric reference template in a biometric event journal record. The method includes providing a base biometric reference template having a unique base reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create one cancelable biometric reference template and recording the one cancelable biometric reference template in a biometric event journal record. The method further includes creating additional cancelable biometric reference templates using different function key values of the data transform function. The method further includes encrypting the data transform function and the function key value applied to the base biometric reference template. The method further includes signing the cancelable biometric reference template and signing the biometric event journal with a digital signature.

Description

FIELD OF THE INVENTION

The present invention relates to computer systems and software, and more specifically to a technique for recording in a biometric event journal record the creation of a cancelable or revocable or derivative biometric reference template, created from a base biometric reference template.

BACKGROUND OF THE INVENTION

A biometric event journal is a series of biometric information security management system event records. These records are used to monitor, control and perfect the security of a biometric authentication or identification system in an ongoing Plan-Do-Check-Act management process. Biometric event journal records are defined in the X9.84 and ISO 19092 biometrics security standards. Event types include the successful enrollment of an individual in a biometric system. An enrollment event involves collecting a biometric sample from an individual and processing the sample into biometric data that is used to create a biometric reference template. This reference template can later be used to match an individual to future biometric samples. When an individual succeeds in enrolling in a biometric system, a biometric reference template is created and the enrollment event is recorded in a biometric event journal. However, there is no process for recording events pertaining to the creation of a reference template that occur after the enrollment process. As such, there is a need for recording biometric events that take place after the enrollment stage.

SUMMARY OF THE INVENTION

The present invention resides in a system, method and program product for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal, in accordance with an embodiment of the invention. The method for recording creation of a cancelable biometric reference template includes providing a base biometric reference template having a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create at least one cancelable biometric reference template and recording the at least one cancelable biometric reference template in a biometric event journal record. In an embodiment, the method further includes signing the at least one cancelable biometric reference template with a digital signature. In an embodiment, the method further includes signing the biometric event journal record with a digital signature. In an embodiment, the recording step further includes encrypting the data transform function applied to the base biometric reference template and encrypting the function key value applied to the base biometric reference template. In an embodiment, the recording step further includes encrypting the data recorded in the biometric event journal record. In an embodiment, the biometric event journal record includes at least one of: a respective biometric reference template, one or more cancelable biometric reference templates created from the respective biometric reference template, a respective data transform function and a respective data transform function key value.

In another aspect, the invention provides a computer system for recording creation of a cancelable biometric reference template. The system includes a network communications channel, a biometric system having a central processing unit and coupled to the network communications channel, the biometric system further includes a biometric application for creating a base biometric reference template having a unique biometric reference template identifier that uniquely identifies biometric data collected for an individual, a transformation tool including a data transform function having at least one function key value for creating at least one cancelable biometric reference template from the base biometric reference template, the cancelable biometric reference template including a unique identifier for identifying the at least one cancelable biometric reference template created and a journaling tool for recording creation of the at least one cancelable biometric reference template created in a biometric event journal. The computer system further includes an authentication tool for signing the at least one cancelable biometric reference template created. In an embodiment, the biometric event journal record is signed with a digital signature using the authentication tool. In an embodiment, the data transformation function includes additional function key values for creating additional cancelable biometric reference templates from the base biometric reference template. The computer system further includes an attribute tool for creating an attribute for identifying a respective unique identifier assigned to a respective cancelable biometric reference template for uniquely identifying the respective cancelable biometric reference template. In an embodiment, a respective unique identifier identifying a respective cancelable biometric reference template is stored in the biometric event journal. In an embodiment, the biometric event journal record includes at least one of: a respective biometric reference template, one or more cancelable biometric reference templates created from the respective biometric reference template, a respective data transform function and a respective data transform function key value.

In yet another aspect, the invention provides a computer program product for recording creation of a cancelable biometric reference template. The computer program product includes a computer readable storage medium, first program instructions to provide a base biometric reference template having a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, second program instructions to apply a data transform function having a first function key value to the base biometric reference template to create at least one cancelable biometric reference template and third program instructions to record the at least one cancelable biometric reference template in a biometric event journal record and where the first, second and third program instructions are recorded on the computer readable storage medium. The computer program product according to claim 15, further includes fourth program instructions to sign the at least one cancelable biometric reference template created with a digital signature, where the fourth program instructions are recorded on the computer readable storage medium. In an embodiment, the second program instructions include instructions to create a second cancelable biometric reference template from the base biometric reference template using the data transform function having a second function key value. In an embodiment, the third program instructions include instructions to encrypt the data transformation function and to encrypt the function key value applied to the base biometric reference template. In an embodiment, the fourth program instructions include instructions to sign the biometric event journal record created. In an embodiment, the biometric event journal record includes at least one of: a respective biometric reference template, one or more cancelable biometric reference templates created from the respective biometric reference template, a respective data transform function and a respective data transform function key value.

In yet another aspect, the invention provides a process for deploying computing infrastructure including integrating computer-readable code into a computing system, where the code in combination with the computing system is capable of performing a process for recording creation of a cancelable biometric reference template. The process includes providing a base biometric reference template having a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, applying a data transform function having a first function key value to the base biometric reference template to create at least one cancelable biometric reference template and recording the at least one cancelable biometric reference template in a biometric event journal record. Further, the process includes signing the at least one cancelable biometric reference template with a digital signature. Furthermore, the process includes signing the biometric event journal record with a digital signature. In an embodiment, the recording step further includes encrypting the data transform function applied to the base biometric reference template and encrypting the function key value applied to the base biometric reference template. In an embodiment, the biometric event journal record includes at least one of: a respective biometric reference template, one or more cancelable biometric reference templates created from the respective biometric reference template, a respective data transform function and a respective data transform function key value.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention:

FIG. 1 depicts an embodiment of a computer infrastructure for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal record, in accordance with an embodiment of the present invention.

FIG. 2 is a block diagram depicting an aspect of a computer infrastructure for creating a cancelable or revocable or derivative biometric reference template from a biometric reference template, in accordance with an embodiment of the present invention.

FIG. 3 is a block diagram depicting an aspect of a system for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal record, in accordance with an embodiment of the present invention.

FIG. 4 is a block diagram depicting an embodiment of a system for recording in a biometric event journal record the creation of a biometric reference template, in accordance with an embodiment of the present invention.

FIG. 5 depicts a flowchart outlining the steps for recording in a biometric event journal record the creation of a cancelable or revocable or derivative biometric reference template, in accordance with an embodiment of the present invention.

FIG. 6 depicts a flowchart outlining the steps for issuing to an entity a cancelable or revocable or derivative biometric reference template created, in accordance with an embodiment of the present invention.

FIG. 7 depicts an embodiment for creating a definition for a cancelable or revocable or derivative biometric reference template event journal record, in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

Moreover, the described features, structures, or characteristics of the invention may be combined in any suitable manner in one or more embodiments. It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. Reference will now be made in detail to the preferred embodiments of the invention.

In one embodiment, the invention provides a computer infrastructure 100 that includes a computer system 102 for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal record, in accordance with an embodiment of the invention. In an embodiment, as depicted in FIG. 1, computer system or server 102 that has a biometric application 114 deployed thereon and is intended to represent any type of computer system that is maintained in a secure environment, that is, for which access control is enforced (as represented by the dotted lines indicated by reference numeral 101). In an embodiment, the biometric application 114 deployed on the computer system 102 is loaded into memory 112 of the computer system 102 from a computer readable storage medium or media (reference numeral 125), such as, a magnetic tape or disk, optical media, DVD, memory stick, semiconductor memory, etc. or downloaded from the server via a network adapter card (reference numerals 104) installed on the computer system or server 102. Referring to FIG. 1, the computer system or server 102 is shown to include a CPU (Central CPU) 106, a memory 112, a bus 110, and input/output (I/O) interfaces 108. Further, the server 102 is shown in communication with external I/O devices/resources 126 and databases 120 and 160. In general, CPU 106 executes computer program code stored in memory 112, such as the biometric application 114 for processing biometric data 139 contained in a biometric sample 132. In an embodiment, the memory 112 includes a journaling tool 115 for recording or journaling events within the biometric system, such as, the creation of a base biometric reference template 140 and/or the creation of one or more revocable or derivative or cancelable biometric reference templates, as explained further herein below with respect to FIGS. 2 and 3. The memory 112 further includes a transformation tool or engine 116 for transforming a base biometric reference template 140 into one or more cancelable biometric reference templates 220, as explained further herein below with respect to FIGS. 2 and 3. In an embodiment, the transformation tool 116 includes one or more transform functions having one or more transform keys for creating one or more derivative or cancelable or revocable biometric reference templates from a base biometric reference template, as discussed further herein below. Further, in an embodiment, the transformation tool 116 stores the transform functions (reference numeral 123) and transform keys (reference numeral 127) utilized to create the one or more cancelable or revocable or derivative biometric reference templates in database 120. Furthermore, in an embodiment, the transformation tool 116 records the creation of the base biometric reference template 140 in a biometric event journal record, reference numeral 148, (also referred to herein as an “event journal” or “an audit log”), which in an embodiment are stored in database 160 (as “event journal(s)”, reference numeral 162) in database 160 within infrastructure 101. Further, memory 112 stores an attribute tool 117 for creating or defining one or more attributes to be included in the base biometric reference template (also referred to herein as simply “biometric reference template” or “reference template” or “base template” or “base reference template”) that is created using an individual's biometric sample. Furthermore, the memory 112 stores an authentication tool 118 for signing a base biometric reference template and/or attributes associated with the base biometric reference template. In an embodiment, the base biometric reference template 140 that is created using a biometric sample 132 collected from an individual is stored in database 120, along with other base biometric reference templates within computer system or server 102 (referred to as “base biometric reference template(s), reference numeral 122). Further, in an embodiment, the one or more derivative or cancelable or revocable biometric reference templates are stored as cancelable reference templates 124 in database 120. In an embodiment, one or more unique identifiers, for instance, the unique base biometric reference template identifier 142 that uniquely identifies a base biometric reference template 140 may be stored in database 120. Further, in an embodiment, any biometric data and/or information processed by the biometric sensor or reader device 133 are transmitted over a network 130 to the computer system or server 102 for storage in database 120. In particular, as shown in FIG. 1, a user or individual provides a biometric sample 132 using a biometric sensor or a biometric reader or scanning device 133 coupled to the system 102. In an embodiment, the biometric sensor or reader or scanner 133 converts the scanned user biometric sample 132 to a digital form using an instance 134 of the biometric application 114. In an embodiment, an instance 134 of the biometric application 114 deployed on the computer system 102 is loaded into the sensor or reader device 133 within the biometric infrastructure 100 from a computer readable storage medium or media (reference numeral 150), such as, a magnetic tape or disk, optical media, DVD, memory stick, semiconductor memory, etc. or downloaded from the server via a network adapter card (reference numerals 104) installed on the computer system or server 102. Further, an instance 135 of the journaling tool 115 and an instance 136 of the transformation tool 116 is loaded into the sensor or reader device 133 from a computer readable storage medium or media (reference numeral 150), such as, a magnetic tape or disk, optical media, DVD, memory stick, semiconductor memory, etc. or downloaded from the server via a network adapter card (reference numerals 104) installed on the computer system or server 102. Similarly, an instance 137 of the attribute tool 116 and an instance 138 of the authentication tool 118 are loaded into the sensor or reader device 133 within the biometric infrastructure 100 from a computer readable storage medium or media (reference numeral 150), such as, a magnetic tape or disk, optical media, DVD, memory stick, semiconductor memory, etc. or downloaded from the server via a network adapter card (reference numerals 104) installed on the computer system or server 102. In particular, the instance 134 of the biometric application 114 loaded into the biometric sensor or reader device 133 is used to process the biometric sample 132 collected from a person or an individual or user into biometric data 139, which, in an embodiment, is stored within the biometric sensor or reader device 133. Further, the biometric data 139 processed by the sensor or reader device 133 is used to create a base biometric reference template 140. In an embodiment, the sensor or reader device 133 uses the attribute tool or program 137 for creating one or more attributes to be associated with or attached to the base biometric reference template 140. Further, the sensor or reader device 133 uses the authentication tool or program 138 for signing the base biometric reference template that is created, referred to as “signed reference template”, shown by dotted lines 146. Further, the authentication tool 138 is used to sign any attributes that are associated with and/or included in a base biometric reference template 140. In an embodiment, the base biometric reference template 140 created is assigned a unique base biometric reference template identifier 142 (also referred to herein simply as “base template identifier”) for uniquely identifying the base biometric reference template 140 created using a person's base biometric data 139 that is processed from the person's biometric sample 132. In an embodiment, the unique base template identifier 142 is created in the form of an information object identifier (OID) as defined in ISO/IEC 8824-1 and ISO/IEC 9834-8, a universally unique identifier (UUID) as defined in ISO/IEC 9834-8, or a uniform resource identifier (URI) as defined in RFC 2396. Further, in an embodiment, the base biometric data 139 that is processed using a biometric sample 132 provided by an individual is associated with the base biometric reference template 140 and is included in the base biometric reference template 140 itself, shown as base biometric data 144. In an embodiment, the base biometric data 144 stored within the base biometric reference template 140 is encrypted or protected in some manner, such as signing the entire base biometric reference template 140 (shown as dotted lines 146), as discussed further herein below. In an embodiment, the biometric reference template 140 includes a “biometric type indicator” component (reference numeral 145) that provides an indication of the type of biometric data used to create the base biometric reference template, for example, fingerprint, iris or retinal scan, etc. Further, the base biometric reference template 140 may include one or more attributes, such as, a privacy policy attribute, which includes a unique privacy policy identifier that identifies a privacy policy that is associated with the base biometric reference template 140, such that, the privacy policy informs a recipient of the intended and proper handling and use of the information contained in the base biometric reference template 140. In an embodiment, the base biometric reference template 140 that is created using a biometric sample 132 provided by a user is stored in a database 120 of the system 102 along with other base biometric reference templates 122 created for other users or individuals within the infrastructure 101. In an embodiment, the base biometric data contained within each of the base biometric reference templates 122 stored within database 120 within the system 102 is encrypted to protect the identities of the individuals that the base biometric reference templates belong to. Further, in an embodiment, each of the base biometric reference templates is signed with a digital signature before being stored in database 120, and the digital signatures (reference numeral 128) are also stored in database 120. Additionally, the journaling tool 135 deployed on the sensor or reader 133 is used to record in a biometric event journal record 148 the creation of the base biometric reference template 140, which is stored in database 160 within infrastructure 101. It should be understood, however, that although not shown, other hardware and software components (e.g., additional computer systems, routers, firewalls, etc.) could be included in infrastructure 100.

Reference is now made to FIG. 2, reference numeral 200, which depicts an aspect of a computer infrastructure having deployed thereon a transformation tool or program that includes one or more data transform functions having one or more function key values for creating a cancelable or revocable or derivative biometric reference template from a base biometric reference template, in accordance with an embodiment of the present invention. In an embodiment, the base biometric reference template 202 having a unique base biometric reference template identifier 204 and which includes base biometric data 206 is inputted into a data transformation function or algorithm 212 provided by a transformation tool (reference numeral 116 as shown in FIG. 1) deployed on a computer system within infrastructure 200. In an embodiment, the transformation tool includes a data transform function or algorithm 212 (also referred to herein as “data transformation function” or “transform function” or “data transformation function”), which is loaded on to a computer device or computer system within the infrastructure 200. In an embodiment, the data transformation function 212 includes a matrix of function key values 214 (also referred to herein as “transform keys”, “transformation keys” or “transform values” or “function key values”), where a different transformation key is used to create a different cancelable or revocable or derivative biometric reference template 220. The base biometric reference template 202 is used as an input to the data transformation function 212 in order to create a cancelable or revocable or derivative biometric reference template 220. Known transform techniques or functions in the art can be used to transform the base biometric reference template created using the base biometric data taken from a single enrollment of an individual in a system to create multiple, cancelable or revocable or derivative biometric reference templates by varying the seed values (transformation keys or function key values) of a transformation function. In an embodiment, the data transformation function 212 is assigned a unique transform function identifier 213 for identifying the data transformation function used to create a particular cancelable or revocable or derivative biometric reference template. Further, in an embodiment, the unique transform function identifier 213 identifying a particular data transformation function 212 and the particular transformation key 214 to create a particular cancelable or revocable or derivative biometric reference template are tracked in a function key value list 218 stored in a database 216 to ensure that the same transform key 214 is not used twice. In an embodiment, the cancelable or revocable or derivative biometric reference template 220 that is created using a transform key 214 of the data transformation function 212 is assigned a unique cancelable or revocable or derivative biometric reference template identifier 222 for identifying the cancelable or revocable or derivative biometric reference template, as shown in FIG. 2. Further, the cancelable or revocable or derivative biometric reference template 220 includes cancelable biometric data 224 transformed from the base biometric data 206 in the base biometric reference template 202. The transform values 214 applied to a base biometric reference template 202 is chosen from a matrix of integer values and can be varied to create multiple cancelable or revocable or derivative biometric reference templates 220. Each cancelable or revocable or derivative biometric reference template 220 that is created is assigned its own unique cancelable or revocable or derivative biometric reference template identifier 222 that identifies the respective cancelable or revocable or derivative biometric reference template 220. In an embodiment, the new cancelable or revocable or derivative biometric reference template adheres to international standards for the format of biometric reference templates and, as such, the unique cancelable or revocable or derivative biometric reference template identifier comprises a universally unique identifier (UUID). In an embodiment, the cancelable biometric reference templates 220 that are created are stored in database 216, referred to by reference numeral 219. Also, in an embodiment, the data transform function 212 and the database 216 are part of a secure environment within infrastructure 200, similar to the secure environment 101 shown in FIG. 1. Further, as shown in FIG. 2, the cancelable biometric event journal record 230 recording or journaling the creation of the cancelable biometric reference template is stored in database 216, as cancelable event journal(s) or journal records, reference numeral 229. Further, the cancelable biometric reference template 220 is signed with a digital signature (represented by the dotted lines 226) before being stored in database 216, and the digital signature is stored with other digital signature(s) (reference numeral 242) in database 216. In an embodiment, a RSA digital signature scheme is used to sign a cancelable biometric reference template 220, such that, the digital signature provides integrity protection over the entire cancelable biometric reference template 220. As such, a digital signature can be used to detect if any of the cancelable biometric reference template information has been tampered with. In particular, the act of digitally signing the entire cancelable biometric reference template 220 cryptographically binds every component within the cancelable biometric reference template together. Further, if a biometric reference template contains any attributes, then such attributes are also cryptographically bound to the cancelable biometric reference template. In an embodiment, to form a digital signature on an information object, such as, a cancelable biometric reference template, a cryptographic hash (also referred to herein as “encrypted hash” or “hash value” or simply “hash”) is computed over the entire object or cancelable biometric reference template and then the hash is signed. For example, where a RSA digital signature scheme is used to sign a cancelable biometric reference template, a key is used to encrypt the hash to form the digital signature. Furthermore, in an embodiment, the signed cancelable biometric reference template is stored along with the digital signature in a database, for example, database 216. Furthermore, in an alternate embodiment, the digital signature may be detached from the cancelable biometric reference template (not appended to or associated with the cancelable biometric reference template as shown in FIG. 2). Further, in an embodiment, the data recorded in a cancelable biometric event journal record 230 is encrypted before the cancelable event journal is stored (reference numeral 229) in database 216. Furthermore, in an embodiment, the cancelable biometric event journal record 230 is signed with a digital signature 240 before being stored in database 216, and the digital signature is also stored (reference numeral 242) in database 216. In an embodiment, a RSA digital signature scheme is used to sign the cancelable biometric event journal record 230, such that, the digital signature provides integrity protection over the entire cancelable biometric event journal record 230. The use of digital signatures to sign objects to be authenticated is well known in the art and, as such, will not be discussed further herein.

Reference is now made to FIG. 3, reference numeral 300, which is a block diagram depicting an aspect of a system for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal record, in accordance with an embodiment of the present invention. As explained herein above with respect to FIGS. 1 and 2, a base biometric reference template is inputted into a data transform or transformation tool deployed on a computer system, where a respective function key value of a data transform function is used to create a respective cancelable or revocable or derivative biometric reference template. In an embodiment, the respective function key value is used only once to create the respective cancelable or revocable or derivative biometric reference template. In an embodiment, the cancelable or revocable or derivative biometric reference template 302 created from a base biometric reference template is assigned a unique cancelable or revocable or derivative biometric reference template identifier 304 for uniquely identifying the cancelable or revocable or derivative biometric reference template 302 created using a data transform function having a function value, as explained herein above with respect to FIG. 2. In an embodiment, the cancelable biometric data 306 obtained from the transformation of the base biometric data in a base biometric reference template 312 is also included in the cancelable or revocable or derivative biometric reference template 302, as shown in FIG. 3. Further, the cancelable or revocable or derivative biometric reference template 302 that is created using a particular set of function key values provided by the data transformation function utilized is stored with other cancelable or revocable or derivative biometric reference templates 314 in a database 310 within the system. In addition, the base biometric reference template is stored with other respective base biometric reference templates 312 used to create respective multiple cancelable or revocable or derivative biometric reference templates 314. In an embodiment, the biometric data contained in each of the base biometric reference templates 312 is encrypted to protect the base biometric reference templates 312 and these reference templates may be optionally signed with a digital signature (as discussed herein above with respect to FIG. 2) before being stored in the database 310. Furthermore, respective data transform functions 316 and respective transform keys 318 used to create the multiple cancelable or revocable or derivative biometric reference templates may also be stored in database 310 within the system. In addition, as shown in FIG. 3, the creation of the cancelable or revocable or derivative biometric reference template 302 is recorded in a cancelable biometric event journal record 308. Further, the cancelable biometric event journal record 308 created for the cancelable or revocable or derivative biometric reference template 302 is stored in a separate database 320 of the system 300 along with other biometric event journal records 322 created when recording or logging the creation of one or more cancelable or revocable or derivative biometric reference templates for other user/individuals within the system 300. In an embodiment, the cancelable biometric event journal record 308 is signed with a digital signature 309 before being stored as event journal records 322 in database 320, and the digital signature is also stored (reference numeral 324) in database 320. In an embodiment, a RSA digital signature scheme is used to sign the cancelable biometric event journal record 308, such that, the digital signature provides integrity protection over the entire cancelable biometric event journal record 308. The use of digital signatures to sign objects to be authenticated is well known in the art and, as such, will not be discussed further herein. In an embodiment, a respective base biometric reference template used to create a respective cancelable or revocable or derivative biometric reference template may itself be placed in the cancelable biometric event journal record 308 and, if the base biometric reference template is placed in the cancelable biometric event journal record 308, the biometric data contained in the cancelable biometric reference template is protected using encryption or some other means for preventing the information from being captured and used to create unauthorized cancelable or revocable or derivative biometric reference templates that could be used to impersonate an individual, thus, protecting the privacy of the individual whose biometric sample was used to create the base biometric reference template. In an embodiment, the cancelable biometric event journal record created for a cancelable or revocable or derivative biometric reference template creation includes an identification of the cancelable or revocable or derivative biometric reference template being created, the base biometric data (or base reference template containing the biometric data) being transformed to produce the cancelable or revocable or derivative biometric reference template, the transform function, and the transform key used for creating the cancelable or revocable or derivative biometric reference template, as discussed further herein below with respect to FIG. 7. In an embodiment, the new cancelable or revocable or derivative biometric reference template adheres to international standards for the format of biometric reference templates and, as such, the unique cancelable or revocable or derivative biometric reference template identifier comprises a universally unique identifier (UUID), which can be placed in the event journal record to uniquely identify the template. Further, if the data transformation function is recorded in the biometric event journal record, the transform function is protected, either by encryption or other appropriate means in the biometric event journal record. Alternatively, an identifier that names the data transform function can be recorded in the biometric event journal record as plaintext or clear text. Further, if the function key values are recorded in the biometric event journal, the function keys may be recorded as plaintext or clear text. Additionally, in an embodiment, all instances of a cancelable or revocable or derivative biometric reference template created by the system from a base biometric reference template of an individual are recorded in the cancelable biometric event journal record 308. Such recording of events in the cancelable biometric event journal record 308 facilitates detection of duplicate cancelable or revocable or derivative biometric reference templates and prevents duplicate cancelable or revocable or derivative biometric reference templates from being issued. Further, recording of the creation of each cancelable or revocable or derivative biometric reference template allows individual cancelable or revocable or derivative biometric reference template to be revoked, and helps in detecting the use of unauthorized cancelable or revocable or derivative biometric reference templates for purposes of impersonating an individual.

In another embodiment, the invention provides a method for recording in a biometric event journal record the creation of a base biometric reference template, in accordance with an embodiment of the invention. Turning to FIG. 4, reference numeral 400 depicts a flowchart outlining the steps for recording in a biometric event journal record the creation of a base biometric reference template for an individual being registered with a system. As shown in FIG. 4, the process begins with a biometric application within a biometric reader or scanner device collecting in step 402 a biometric sample from an individual to create a base biometric reference template within the system. In step 404, a unique base biometric reference template identifier is assigned to the base biometric reference template being created and the base biometric reference template is created in step 406 using the biometric sample collected from the individual. In step 408, a determination is made by the biometric application as to whether or not to sign the base biometric reference template created. If the biometric application receives input indicating that the base biometric reference template is to be signed, then the base biometric reference template is signed in step 410 using a digital signature. The use of digital signatures to sign objects to be authenticated is well known in the art. The creation of the base biometric reference template, which is signed, is recorded in a biometric event journal record in step 412. Going back to step 408, if a determination is made that the base biometric reference template is not to be signed, then the creation of the base biometric reference template is recorded in the biometric event journal record in step 412. In an embodiment, the biometric event journal record created for a base biometric reference template includes an identification (for instance, the unique base biometric reference template identifier) of the base biometric reference template created and the base biometric data processed from the individual's biometric sample collected. Further, the biometric event journal record created for the base biometric reference template is stored in a database in step 414, ending the process.

Reference is now made to FIG. 5, reference numeral 500, which depicts a flowchart outlining the steps for recording in a biometric event journal record the creation of a cancelable or revocable or derivative biometric reference template, in accordance with an embodiment of the present invention. The process begins in step 502 with a biometric application applying to a base biometric reference template a data transform function or data transformation function having a first function key value or transformation key in order to create a cancelable or revocable or derivative biometric reference template. Further, in step 504, a unique cancelable or revocable or derivative biometric reference template identifier is assigned to the cancelable or revocable or derivative biometric reference template created using the data transformation function. In step 506, a determination is made by the biometric application as to whether or not to sign the cancelable or revocable or derivative biometric reference template that is created. If the biometric application receives input indicating that the cancelable or revocable or derivative biometric reference template is to be signed, then the cancelable or revocable or derivative biometric reference template is signed in step 508 using a digital signature. Alternatively, the cancelable biometric data within a cancelable or revocable or derivative biometric reference template can be protected using other appropriate means, such as, encryption. The creation of the cancelable or revocable or derivative biometric reference template, which is signed, is recorded in a biometric event journal record in step 510. Going back to step 506, if a determination is made that the cancelable or revocable or derivative biometric reference template is not to be signed, then the creation of the cancelable or revocable or derivative biometric reference template is recorded in the biometric event journal record in step 510. In an embodiment, the biometric event journal record created for a cancelable or revocable or derivative biometric reference template creation includes an identification of the cancelable or revocable or derivative biometric reference template being created, the base biometric data (or base reference template containing the biometric data) being transformed to produce the cancelable or revocable or derivative biometric reference template, the transform function, and the transform key used for creating the cancelable or revocable or derivative biometric reference template, as discussed further herein below with respect to FIG. 7. Further, during creation of the cancelable or revocable or derivative biometric reference template, the biometric service provider is provided a date that the cancelable or revocable or derivative biometric reference template is set to expire, so that the relying party can use the validity date to tell whether or not the cancelable or revocable or derivative biometric reference template is still valid. Referring back to FIG. 5, the biometric event journal record created for the cancelable or revocable or derivative biometric reference template is stored in a database in step 512, ending the process. Optionally, the biometric event journal record may be encrypted and/or signed with a digital signature before being stored in a database.

Reference is now made to FIG. 6, reference numeral 600, which depicts a flowchart outlining the steps for issuing to an entity a cancelable or revocable or derivative biometric reference template created, in accordance with an embodiment of the present invention. The process begins in step 602 with an individual or user requesting creation by a biometric service provider of a cancelable or revocable or derivative biometric reference template for a specific entity (for instance, a bank). The biometric service provider obtains in step 604 the individual's base biometric reference template that was created during the time the individual was initially enrolled in a system. Further, the biometric service provider accessing a biometric application within the system applies, in step 606, a data transform function or data transform function to the base biometric reference template to create a cancelable or revocable or derivative biometric reference template. Further, information pertaining to the creation of the cancelable or revocable or derivative biometric reference template is stored in a biometric event journal record in step 608. In step 610, the biometric service provider issues a cancelable or revocable or derivative biometric reference template to the specific entity, ending the process. Again, as mentioned herein above, the cancelable biometric reference template may optionally be encrypted and/or signed with a digital signature. Similarly, the cancelable biometric event journal record may be encrypted and/or signed with a digital signature.

For example, an individual that has previously enrolled in a biometric system using a particular biometric service provider may want to create a cancelable or revocable or derivative biometric reference template to enroll with a new entity. Thus, the individual calls the biometric service provider and requests creation of the cancelable or revocable or derivative biometric reference template for a specific party. Accordingly, the biometric service provider accesses the base biometric reference template created for the individual and applies the data transform function to create a cancelable or revocable or derivative biometric reference template, which is issued to the specific party. The transformation function and the resulting cancelable or revocable or derivative biometric reference template is stored in the biometric event journal record. While each of the cancelable or revocable or derivative biometric reference templates created from a base biometric reference template may have different cancelable biometric data, each cancelable or revocable or derivative biometric reference template matches the individual.

Turning to FIG. 7, reference numeral 700 depicts an embodiment for creating a definition for a cancelable or revocable or derivative biometric reference template event journal record, in accordance with an embodiment of the present invention. A cancelable biometric template event journal record 700 can be defined in many ways, including the format shown in FIG. 7 that conforms to the standard set forth in the X9.84:2008 standard revision. In particular, “version” (reference numeral 702) refers to the version of the “TemplateCreation” syntax, which version is specified as being the integer value one (reference numeral 718). Further, “dateTime” (reference numeral 704) is the date and time of the event, namely, the creation of the revocable or derivative or cancelable biometric reference template being recorded in the biometric event journal record. The syntax “revocableTemplateID” (reference numeral 706) refers to a universally unique identifier, UUID (reference numeral 720) of the new revocable or derivative or cancelable biometric reference template being created. The syntax “baseTemplateID” (reference numeral 708) refers to a universally unique identifier of a base biometric reference template used to create the revocable or derivative or cancelable biometric reference template. Further, the syntax “transform” (reference numeral 710) refers to a universally unique identifier (UUID) of the transformation function used to modify or transform the base biometric reference template. The syntax “key” (reference numeral 712) is an array of transform function values used to create a unique cancelable or revocable or derivative biometric reference template. Further, the syntax “description” (reference numeral 714) refers to the value of the BiometricHeader (reference numeral 722) of the new cancelable or revocable or derivative biometric reference template being created. Finally, the syntax “discretionary” (reference numeral 716) refers to discretionary text (reference numeral 724) that may be included with the biometric event journal record.

Accordingly, the invention provides a system, method and a program product for recording the creation of a cancelable or revocable or derivative biometric reference template in a biometric event journal record (an audit log), in accordance with an embodiment of the invention. The invention provides the ability to create more than one cancelable or revocable or derivative biometric reference templates from a base biometric reference template using a mathematical transformation on a base biometric reference template. As such, more than one cancelable or revocable or derivative biometric reference templates can be created using a matrix of integer values provided in a data transformation function without the individual having to go back and provide a biometric sample again for enrolling in a biometric system used by an entity. The transform values can be varied and applied to a base biometric reference template to get a cancelable or revocable or derivative biometric reference template. Reports may be generated based on the biometric event journal records or audit logs, which can be used to monitor the quality of the biometric service provided. Further, the biometric event journal record may include the date and time, the operator who created the cancelable or revocable or derivative biometric reference template, the identifier of the cancelable or revocable or derivative biometric reference template and the recipient of the cancelable or revocable or derivative biometric reference template. Additionally, the type of encryption used, etc. may also be stored in the biometric event journal record, so that an auditor could use the journal record to ascertain whether or not the creation process for a cancelable or revocable or derivative biometric reference template was well managed.

The foregoing descriptions of specific embodiments of the present invention have been presented for the purpose of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto and their equivalents.

Claims (20)

What is claimed is:
1. A method for recording creation of a cancelable biometric reference template, said method comprising:
creating, by a processor of a computer system, a base biometric reference template, said creating comprising inserting, into the base biometric reference template, a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, the base biometric data, and a biometric type indicator providing an indication of a portion of the individual's body used for collecting the base biometric data;
said processor applying a data transform function having a function key value to the base biometric reference template to create a cancelable biometric reference template; and
said processor recording the cancelable biometric reference template in a biometric event journal record.
2. The method of claim 1, said method further comprising:
said processor signing the cancelable biometric reference template with a digital signature.
3. The method of claim 1, said method further comprising:
after said recording, said processor signing the biometric event journal record with a digital signature.
4. The method of claim 1, said method further comprising:
said processor encrypting the data transform function applied to the base biometric reference template; and
said processor encrypting the function key value.
5. The method of claim 1, said method further comprising:
said processor inserting into the biometric event journal record: the biometric reference template, the cancelable biometric reference template, the data transform function, and the data transform function key value.
6. A process for deploying computing infrastructure comprising integrating computer-readable code into a computer system, wherein said the code in combination with said computer system is capable of performing a method for recording creation of a cancelable biometric reference template, said method comprising:
creating, by a processor of the computer system, a base biometric reference template, said creating comprising inserting, into the base biometric reference template, a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, the base biometric data, and a biometric type indicator providing an indication of a portion of the individual's body used for collecting the base biometric data;
said processor applying a data transform function having a function key value to the base biometric reference template to create a cancelable biometric reference template; and
said processor recording the cancelable biometric reference template in a biometric event journal record.
7. The process of claim 6, said method further comprising:
said processor signing the cancelable biometric reference template with a digital signature.
8. The process of claim 6, said method further comprising:
after said recording, said processor signing the biometric event journal record with a digital signature.
9. The process of claim 6, said method further comprising:
said processor encrypting the data transform function applied to the base biometric reference template; and
said processor encrypting the function key value.
10. The process of claim 6, said method further comprising:
said processor inserting into the biometric event journal record: the biometric reference template, the cancelable biometric reference template, the data transform function, and the data transform function key value.
11. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for recording creation of a cancelable biometric reference template, said method comprising:
said processor creating a base biometric reference template, said creating comprising inserting, into the base biometric reference template, a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, the base biometric data, and a biometric type indicator providing an indication of a portion of the individual's body used for collecting the base biometric data;
said processor applying a data transform function having a function key value to the base biometric reference template to create a cancelable biometric reference template; and
said processor recording the cancelable biometric reference template in a biometric event journal record.
12. The computer system of claim 11, said method further comprising:
said processor signing the cancelable biometric reference template with a digital signature.
13. The computer system of claim 11, said method further comprising:
after said recording, said processor signing the biometric event journal record with a digital signature.
14. The computer system of claim 11, said method further comprising:
said processor encrypting the data transform function applied to the base biometric reference template; and
said processor encrypting the function key value.
15. The computer system of claim 11, said method further comprising:
said processor inserting into the biometric event journal record the biometric reference template, the cancelable biometric reference template, the data transform function, and the data transform function key value.
16. A computer program product, comprising a computer readable storage device having a computer readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method for recording creation of a cancelable biometric reference template, said method comprising:
said processor creating a base biometric reference template, said creating comprising inserting, into the base biometric reference template, a unique base biometric reference template identifier that uniquely identifies base biometric data collected for an individual, the base biometric data, and a biometric type indicator providing an indication of a portion of the individual's body used for collecting the base biometric data;
said processor applying a data transform function having a function key value to the base biometric reference template to create a cancelable biometric reference template; and
said processor recording the cancelable biometric reference template in a biometric event journal record.
17. The computer program product of claim 16, said method further comprising:
said processor signing the cancelable biometric reference template with a digital signature.
18. The computer program product of claim 16, said method further comprising:
after said recording, said processor signing the biometric event journal record with a digital signature.
19. The computer program product of claim 16, said method further comprising:
said processor encrypting the data transform function applied to the base biometric reference template; and
said processor encrypting the function key value.
20. The computer program product of claim 16, said method further comprising:
said processor inserting into the biometric event journal record the biometric reference template, the cancelable biometric reference template, the data transform function, and the data transform function key value.
US12370350 2009-02-12 2009-02-12 System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record Active 2034-12-26 US9298902B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12370350 US9298902B2 (en) 2009-02-12 2009-02-12 System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12370350 US9298902B2 (en) 2009-02-12 2009-02-12 System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record

Publications (2)

Publication Number Publication Date
US20100205660A1 true US20100205660A1 (en) 2010-08-12
US9298902B2 true US9298902B2 (en) 2016-03-29

Family

ID=42541489

Family Applications (1)

Application Number Title Priority Date Filing Date
US12370350 Active 2034-12-26 US9298902B2 (en) 2009-02-12 2009-02-12 System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record

Country Status (1)

Country Link
US (1) US9298902B2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8242892B2 (en) * 2009-02-12 2012-08-14 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object
US9298902B2 (en) 2009-02-12 2016-03-29 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US8289135B2 (en) * 2009-02-12 2012-10-16 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US8301902B2 (en) * 2009-02-12 2012-10-30 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US8327134B2 (en) * 2009-02-12 2012-12-04 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US8359475B2 (en) * 2009-02-12 2013-01-22 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US8838691B2 (en) * 2012-06-29 2014-09-16 International Business Machines Corporation Data de-duplication in service oriented architecture and web services environment
DE102015108346A1 (en) * 2015-05-27 2016-12-01 Bundesdruckerei Gmbh Identification server for identifying a person to be identified
DE102015108351A1 (en) * 2015-05-27 2016-12-01 Bundesdruckerei Gmbh Identification server for identifying a person to be identified

Citations (69)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5467081A (en) 1992-02-22 1995-11-14 U.S. Philips Corporation Datacarriers with separate storage of read and write-inhibited memory locations
US5649099A (en) 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
US5659616A (en) 1994-07-19 1997-08-19 Certco, Llc Method for securely using digital signatures in a commercial cryptographic system
US5774552A (en) 1995-12-13 1998-06-30 Ncr Corporation Method and apparatus for retrieving X.509 certificates from an X.500 directory
US6044224A (en) 1996-06-26 2000-03-28 Sun Microsystems, Inc. Mechanism for dynamically associating a service dependent representation with objects at run time
US6092201A (en) 1997-10-24 2000-07-18 Entrust Technologies Method and apparatus for extending secure communication operations via a shared list
WO2000065770A1 (en) 1999-04-22 2000-11-02 Veridicom, Inc. High security biometric authentication using a public key/private key encryption pairs
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US20020026582A1 (en) 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method and program providing medium
US20020174010A1 (en) 1999-09-08 2002-11-21 Rice James L. System and method of permissive data flow and application transfer
US6554188B1 (en) 1999-04-13 2003-04-29 Electronic Data Holdings Limited Terminal for an active labelling system
US20030088782A1 (en) 2001-11-08 2003-05-08 Ncr Corporation Biometrics template
US20030093666A1 (en) 2000-11-10 2003-05-15 Jonathan Millen Cross-domain access control
US20030097383A1 (en) 2001-04-05 2003-05-22 Alexis Smirnov Enterprise privacy system
US20030115490A1 (en) 2001-07-12 2003-06-19 Russo Anthony P. Secure network and networked devices using biometrics
US20030126433A1 (en) 2001-12-27 2003-07-03 Waikwan Hui Method and system for performing on-line status checking of digital certificates
US20030129965A1 (en) 2001-10-31 2003-07-10 Siegel William G. Configuration management system and method used to configure a biometric authentication-enabled device
US20040019570A1 (en) 2000-06-16 2004-01-29 International Business Machines Corporation Business system and method using a distorted biometrics
US20040020984A1 (en) 2002-08-01 2004-02-05 Ncr Corporation Self-service terminal
US20040049675A1 (en) 1995-10-02 2004-03-11 Silvio Micali Physical access control
US20040123114A1 (en) 2002-01-02 2004-06-24 Mcgowan Tim Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication
US20040162984A1 (en) 2002-03-26 2004-08-19 Freeman William E. Secure identity and privilege system
US20040193893A1 (en) 2001-05-18 2004-09-30 Michael Braithwaite Application-specific biometric templates
US6836554B1 (en) * 2000-06-16 2004-12-28 International Business Machines Corporation System and method for distorting a biometric for transactions with enhanced security and privacy
US20050005136A1 (en) 2003-04-23 2005-01-06 Liqun Chen Security method and apparatus using biometric data
US20050055582A1 (en) 2003-09-05 2005-03-10 Bazakos Michael E. System and method for dynamic stand-off biometric verification
US20050180619A1 (en) 2002-01-17 2005-08-18 Cross Match Technologies, Inc. Biometric imaging system and method
US20050198508A1 (en) 2004-03-04 2005-09-08 Beck Stephen H. Method and system for transmission and processing of authenticated electronic mail
US20050229007A1 (en) 2004-04-06 2005-10-13 Bolle Rudolf M System and method for remote self-enrollment in biometric databases
US20050228998A1 (en) 2004-04-02 2005-10-13 Microsoft Corporation Public key infrastructure scalability certificate revocation status validation
US20050240778A1 (en) 2004-04-26 2005-10-27 E-Smart Technologies, Inc., A Nevada Corporation Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport
WO2005122467A1 (en) 2004-06-09 2005-12-22 Koninklijke Philips Electronics N.V. Biometric template protection and feature handling
US20050283614A1 (en) 2004-06-16 2005-12-22 Hardt Dick C Distributed hierarchical identity management system authentication mechanisms
US20060078171A1 (en) * 2004-08-20 2006-04-13 The Research Foundation Of State University Of New York Stor Intellectual Property Division Biometric convolution using multiple biometrics
US7030760B1 (en) 2001-08-07 2006-04-18 Seecontrol, Inc. Method and apparatus for ensuring reliable loading of materials on aricraft and other vehicles
US20060104484A1 (en) 2004-11-16 2006-05-18 Bolle Rudolf M Fingerprint biometric machine representations based on triangles
US20060158751A1 (en) 2002-12-06 2006-07-20 Cross Match Technologies, Inc. Non-planar prism
US20060206723A1 (en) 2004-12-07 2006-09-14 Gil Youn H Method and system for integrated authentication using biometrics
US20060289646A1 (en) 2005-06-20 2006-12-28 Microsoft Corporation Rich object model for diverse Auto-ID tags
US20070044139A1 (en) 2003-05-21 2007-02-22 Tuyls Pim T Method and system for authentication of a physical object
US20070040654A1 (en) 2005-08-19 2007-02-22 Electronics And Telecommunications Research Institute Electronic tag including privacy level information and privacy protection apparatus and method using RFID tag
US20070119924A1 (en) 2001-12-31 2007-05-31 Digital Data Research Company Security Clearance Card, System And Method Of Reading A Security Clearance Card
US20070136581A1 (en) 2005-02-15 2007-06-14 Sig-Tec Secure authentication facility
US20070164863A1 (en) 2006-01-17 2007-07-19 International Business Machines Corporation System and method to track inventory using RFID tags
US20070226512A1 (en) 2004-06-09 2007-09-27 Koninklijke Philips Electronics, N.V. Architectures for Privacy Protection of Biometric Templates
US7298243B2 (en) 2003-11-12 2007-11-20 Rsa Security Inc. Radio frequency identification system with privacy policy implementation based on device classification
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20080037833A1 (en) 2006-03-29 2008-02-14 Kenta Takahashi Method, System and Program for Authenticating a User by Biometric Information
US20080065895A1 (en) * 2006-04-07 2008-03-13 Huawei Technologies Co., Ltd. Method and System for Implementing Authentication on Information Security
US20080072284A1 (en) 2006-08-29 2008-03-20 Microsoft Corporation Zone Policy Administration For Entity Tracking And Privacy Assurance
US20080157927A1 (en) 2004-12-31 2008-07-03 British Telecommunications Public Limited Company Control of Data Exchange
US20080162943A1 (en) 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
US20080169909A1 (en) 2005-03-30 2008-07-17 Samsung Electronics Co., Ltd. Rf-Id Tag Reading System For Using Password and Method Thereof
US7464162B2 (en) 2000-07-10 2008-12-09 Oracle International Corporation Systems and methods for testing whether access to a resource is authorized based on access information
US20090022374A1 (en) 2004-10-15 2009-01-22 Terrance Edward Boult Revocable biometrics with robust distance metrics
US20090239503A1 (en) 2008-03-20 2009-09-24 Bernard Smeets System and Method for Securely Issuing Subscription Credentials to Communication Devices
US20090271635A1 (en) 2006-08-18 2009-10-29 Huawei Technologies Co., Ltd. Methods and systems for authentication
US7627895B2 (en) * 2004-03-31 2009-12-01 British Telecommunications Plc Trust tokens
US7671746B2 (en) 2002-07-09 2010-03-02 Neology, Inc. System and method for providing secure identification solutions
US7739744B2 (en) 2006-03-31 2010-06-15 Novell, Inc. Methods and systems for multifactor authentication
US20100205452A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US20100205431A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US20100205658A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US20100201489A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object
US20100205660A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US7788500B2 (en) 2004-10-08 2010-08-31 Fujitsu Limited Biometric authentication device and terminal
US7827399B1 (en) 2005-07-27 2010-11-02 Adobe Systems Incorporated Certificate processing
US8001387B2 (en) * 2006-04-19 2011-08-16 Dphi, Inc. Removable storage medium with biometric access
US8327131B1 (en) 2004-11-29 2012-12-04 Harris Corporation Method and system to issue trust score certificates for networked devices using a trust scoring service

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7236446B2 (en) * 2004-07-23 2007-06-26 Hewlett-Packard Development Company, L.P. Compensating for variations in the temperature of a probe of a storage device

Patent Citations (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5467081A (en) 1992-02-22 1995-11-14 U.S. Philips Corporation Datacarriers with separate storage of read and write-inhibited memory locations
US5649099A (en) 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
US5659616A (en) 1994-07-19 1997-08-19 Certco, Llc Method for securely using digital signatures in a commercial cryptographic system
US20040049675A1 (en) 1995-10-02 2004-03-11 Silvio Micali Physical access control
US5774552A (en) 1995-12-13 1998-06-30 Ncr Corporation Method and apparatus for retrieving X.509 certificates from an X.500 directory
US6044224A (en) 1996-06-26 2000-03-28 Sun Microsystems, Inc. Mechanism for dynamically associating a service dependent representation with objects at run time
US6092201A (en) 1997-10-24 2000-07-18 Entrust Technologies Method and apparatus for extending secure communication operations via a shared list
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US6554188B1 (en) 1999-04-13 2003-04-29 Electronic Data Holdings Limited Terminal for an active labelling system
WO2000065770A1 (en) 1999-04-22 2000-11-02 Veridicom, Inc. High security biometric authentication using a public key/private key encryption pairs
US20020174010A1 (en) 1999-09-08 2002-11-21 Rice James L. System and method of permissive data flow and application transfer
US20040019570A1 (en) 2000-06-16 2004-01-29 International Business Machines Corporation Business system and method using a distorted biometrics
US7120607B2 (en) 2000-06-16 2006-10-10 Lenovo (Singapore) Pte. Ltd. Business system and method using a distorted biometrics
US6836554B1 (en) * 2000-06-16 2004-12-28 International Business Machines Corporation System and method for distorting a biometric for transactions with enhanced security and privacy
US7464162B2 (en) 2000-07-10 2008-12-09 Oracle International Corporation Systems and methods for testing whether access to a resource is authorized based on access information
US20020026582A1 (en) 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method and program providing medium
US20030093666A1 (en) 2000-11-10 2003-05-15 Jonathan Millen Cross-domain access control
US7062654B2 (en) 2000-11-10 2006-06-13 Sri International Cross-domain access control
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20030097383A1 (en) 2001-04-05 2003-05-22 Alexis Smirnov Enterprise privacy system
US20040193893A1 (en) 2001-05-18 2004-09-30 Michael Braithwaite Application-specific biometric templates
US20030115490A1 (en) 2001-07-12 2003-06-19 Russo Anthony P. Secure network and networked devices using biometrics
US7030760B1 (en) 2001-08-07 2006-04-18 Seecontrol, Inc. Method and apparatus for ensuring reliable loading of materials on aricraft and other vehicles
US20030129965A1 (en) 2001-10-31 2003-07-10 Siegel William G. Configuration management system and method used to configure a biometric authentication-enabled device
US20030088782A1 (en) 2001-11-08 2003-05-08 Ncr Corporation Biometrics template
US7302583B2 (en) 2001-11-08 2007-11-27 Ncr Corporation Biometrics template
US20030126433A1 (en) 2001-12-27 2003-07-03 Waikwan Hui Method and system for performing on-line status checking of digital certificates
US20070119924A1 (en) 2001-12-31 2007-05-31 Digital Data Research Company Security Clearance Card, System And Method Of Reading A Security Clearance Card
US20040123114A1 (en) 2002-01-02 2004-06-24 Mcgowan Tim Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication
US20050180619A1 (en) 2002-01-17 2005-08-18 Cross Match Technologies, Inc. Biometric imaging system and method
US20040162984A1 (en) 2002-03-26 2004-08-19 Freeman William E. Secure identity and privilege system
US8086867B2 (en) 2002-03-26 2011-12-27 Northrop Grumman Systems Corporation Secure identity and privilege system
US7671746B2 (en) 2002-07-09 2010-03-02 Neology, Inc. System and method for providing secure identification solutions
US20040020984A1 (en) 2002-08-01 2004-02-05 Ncr Corporation Self-service terminal
US20060158751A1 (en) 2002-12-06 2006-07-20 Cross Match Technologies, Inc. Non-planar prism
US20050005136A1 (en) 2003-04-23 2005-01-06 Liqun Chen Security method and apparatus using biometric data
US20070044139A1 (en) 2003-05-21 2007-02-22 Tuyls Pim T Method and system for authentication of a physical object
US20050055582A1 (en) 2003-09-05 2005-03-10 Bazakos Michael E. System and method for dynamic stand-off biometric verification
US7298243B2 (en) 2003-11-12 2007-11-20 Rsa Security Inc. Radio frequency identification system with privacy policy implementation based on device classification
US20050198508A1 (en) 2004-03-04 2005-09-08 Beck Stephen H. Method and system for transmission and processing of authenticated electronic mail
US7627895B2 (en) * 2004-03-31 2009-12-01 British Telecommunications Plc Trust tokens
US20050228998A1 (en) 2004-04-02 2005-10-13 Microsoft Corporation Public key infrastructure scalability certificate revocation status validation
US20050229007A1 (en) 2004-04-06 2005-10-13 Bolle Rudolf M System and method for remote self-enrollment in biometric databases
US20050240778A1 (en) 2004-04-26 2005-10-27 E-Smart Technologies, Inc., A Nevada Corporation Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport
WO2005122467A1 (en) 2004-06-09 2005-12-22 Koninklijke Philips Electronics N.V. Biometric template protection and feature handling
US20070180261A1 (en) 2004-06-09 2007-08-02 Koninklijke Philips Electronics, N.V. Biometric template protection and feature handling
US20070226512A1 (en) 2004-06-09 2007-09-27 Koninklijke Philips Electronics, N.V. Architectures for Privacy Protection of Biometric Templates
US20050283614A1 (en) 2004-06-16 2005-12-22 Hardt Dick C Distributed hierarchical identity management system authentication mechanisms
US20060078171A1 (en) * 2004-08-20 2006-04-13 The Research Foundation Of State University Of New York Stor Intellectual Property Division Biometric convolution using multiple biometrics
US7788500B2 (en) 2004-10-08 2010-08-31 Fujitsu Limited Biometric authentication device and terminal
US20090022374A1 (en) 2004-10-15 2009-01-22 Terrance Edward Boult Revocable biometrics with robust distance metrics
US20060104484A1 (en) 2004-11-16 2006-05-18 Bolle Rudolf M Fingerprint biometric machine representations based on triangles
US8327131B1 (en) 2004-11-29 2012-12-04 Harris Corporation Method and system to issue trust score certificates for networked devices using a trust scoring service
US20060206723A1 (en) 2004-12-07 2006-09-14 Gil Youn H Method and system for integrated authentication using biometrics
US20080157927A1 (en) 2004-12-31 2008-07-03 British Telecommunications Public Limited Company Control of Data Exchange
US20070136581A1 (en) 2005-02-15 2007-06-14 Sig-Tec Secure authentication facility
US20080169909A1 (en) 2005-03-30 2008-07-17 Samsung Electronics Co., Ltd. Rf-Id Tag Reading System For Using Password and Method Thereof
US20060289646A1 (en) 2005-06-20 2006-12-28 Microsoft Corporation Rich object model for diverse Auto-ID tags
US7827399B1 (en) 2005-07-27 2010-11-02 Adobe Systems Incorporated Certificate processing
US20070040654A1 (en) 2005-08-19 2007-02-22 Electronics And Telecommunications Research Institute Electronic tag including privacy level information and privacy protection apparatus and method using RFID tag
US20070164863A1 (en) 2006-01-17 2007-07-19 International Business Machines Corporation System and method to track inventory using RFID tags
US20080037833A1 (en) 2006-03-29 2008-02-14 Kenta Takahashi Method, System and Program for Authenticating a User by Biometric Information
US7936905B2 (en) 2006-03-29 2011-05-03 Hitachi, Ltd. Method, system and program for authenticating a user by biometric information
US7739744B2 (en) 2006-03-31 2010-06-15 Novell, Inc. Methods and systems for multifactor authentication
US20080065895A1 (en) * 2006-04-07 2008-03-13 Huawei Technologies Co., Ltd. Method and System for Implementing Authentication on Information Security
US8001387B2 (en) * 2006-04-19 2011-08-16 Dphi, Inc. Removable storage medium with biometric access
US20090271635A1 (en) 2006-08-18 2009-10-29 Huawei Technologies Co., Ltd. Methods and systems for authentication
US20080072284A1 (en) 2006-08-29 2008-03-20 Microsoft Corporation Zone Policy Administration For Entity Tracking And Privacy Assurance
US20080162943A1 (en) 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
US20090239503A1 (en) 2008-03-20 2009-09-24 Bernard Smeets System and Method for Securely Issuing Subscription Credentials to Communication Devices
US20100201489A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object
US20100205660A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US20100205658A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US20100205452A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US8242892B2 (en) 2009-02-12 2012-08-14 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object
US20100205431A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template

Non-Patent Citations (42)

* Cited by examiner, † Cited by third party
Title
Advisory Action (Mail Date Jul. 26, 2012) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Advisory Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009.
Amendment and Request for Continued Examination filed Jan. 11, 2012 in response to Final Office Action (Mail Date Oct. 12, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Amendment filed Dec. 22, 2011 in response to Office Action (Mail Date Sep. 27, 2011) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Amendment filed Feb. 9, 2012 in response to Office Action (Mail Date Nov. 17, 2011) for U.S. Appl. No. 12/370,365, filed Feb. 12, 2009.
Amendment filed Feb. 9, 2012 in response to Office Action (Mail Date Nov. 9, 2011) for U.S. Appl. No. 12/370,359, filed Feb. 12, 2009.
Amendment filed Jul. 13, 2012 in response to Final Office Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Amendment filed Jun. 4, 2012 in response to Office Action (Mail Date Mar. 6, 2012) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Amendment filed May 24, 2012 in reponse to Advisory Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009.
Amendment filed May 8, 2012 in response to Final Office Action (Mail Date Mar. 9, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009.
Amendment filed Sep. 22, 2011 in response to Office Action (Mail Date Jul. 13, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Berners-Lee, T. et al., Uniform Resource Identifiers (URI): Generic Syntax, RFC 2396, http://ietfreport.isoc.org/rfc/rfc2396.txt, Aug. 1998, pp. 1-40.
Final Office Action (Mail Date Mar. 9, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009.
Final Office Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Final Office Action (Mail Date Oct. 12, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Griffin, P., ISO 19092: A Standard for Biometric Security Management, ISSA Journal, Jan. 2007, pp. 20-23.
Griffin, P., U.S. Appl. No. 12/370,334, System, Method and Program Product for Checking Revocation Status of a Biometric Reference Template, filed on Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,345, System, Method and Program Product for Associating a Biometric Reference Template With a Radio Frequency Identification Tag, filed on Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,359, System, Method and Program Product for Communicating a Privacy Policy Associated With a Biometric Reference Template, filed on Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,365, System, Method and Program Product for Communicating a Privacy Policy Associated With a Radio Frequency Identification Tag and Associated Object, filed on Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,379, System, Method and Program Product for Generating a Cancelable Biometric Reference Template on Demand, filed on Feb. 12, 2009.
IEEE Xplore, Retrieved from Internet: http://ieeexplore.ieee.org/search/searchresult.jsp?action=search&sortType=&rowsPerPage= . . . ; Feb. 3, 2014, 1 page.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications-OSI networking and system aspects-Abstract Syntax Notation One (ASN.1), ISO/IEC 8824-1:2003 (E), 146 pages, Geneva, Switzerland 2005.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications-OSI networking and system aspects-Naming, Addressing and Registration, ISO/IEC 9834-8: 2005 (E), 34 pages, Geneva, Switzerland 2005.
Juels, et al.; Soft Blocking: Flexible Blocker Tags on the Cheap; WPES '04; Oct. 28, 2004; Washington, D.C.; pp. 1-7.
Molnar, et al.; Privacy for RFID Through Trusted Computing; WPES '05; Nov. 7, 2005; Alexandria, Virginia; pp. 31-34.
Notice of Allowance (Mail Date Feb. 12, 2014) for U.S. Appl. No. 13/611,000, filed Sep. 12, 2012.
Notice of Allowance (Mail Date Jul. 26, 2012 for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Notice of Allowance (Mail Date Jun. 21, 2012) for U.S. Appl. No. 12/370,359, filed Feb. 12, 2009.
Notice of Allowance (Mail Date Mar. 30, 2012) for U.S. Appl. No. 12/370,365, filed Feb. 12, 2009.
Notice of Allowance (Mail Date May 30, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009.
Notice of Allowance (Mail Date Sep. 12, 2012) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Office Action (Mail Date Jul. 13, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Office Action (Mail Date Mar. 6, 2012) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009.
Office Action (Mail Date Nov. 17, 2011) for U.S. Appl. No. 12/370,365, filed Feb. 12, 2009.
Office Action (Mail Date Nov. 9, 2011) for U.S. Appl. No. 12/370,359, filed Feb. 12, 2009.
Office Action (Mail Date Oct. 11, 2013) for U.S. Appl. No. 13/611,000, filed Sep. 12, 2012.
Office Action (Mail Date Sep. 27, 2011) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
Ratha, et al.; Generating Cancelable Fingerprint Templates; IEEE Transactions on Pattern Analysis and Machine Intelligence; vol. 29, No. 4; Apr. 2007; pp. 561-572.
Ratha, N. K. et al, Generating Cancelable Fingerprint Templates, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 29, No. 4, Apr. 2007.
Request for Continued Examination filed Aug. 14, 2012 for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009.
U.S. Appl. No. 13/611,000, filed Sep. 12, 2012.

Also Published As

Publication number Publication date Type
US20100205660A1 (en) 2010-08-12 application

Similar Documents

Publication Publication Date Title
US7496954B1 (en) Single sign-on system and method
US6256737B1 (en) System, method and computer program product for allowing access to enterprise resources using biometric devices
US6167518A (en) Digital signature providing non-repudiation based on biological indicia
US7395436B1 (en) Methods, software programs, and systems for electronic information security
US7305556B2 (en) Secure printing with authenticated printer key
US6745327B1 (en) Electronic certificate signature program
Tardo et al. SPX: Global authentication using public key certificates
US7788700B1 (en) Enterprise security system
US6553494B1 (en) Method and apparatus for applying and verifying a biometric-based digital signature to an electronic document
US6845453B2 (en) Multiple factor-based user identification and authentication
US6035398A (en) Cryptographic key generation using biometric data
US7275155B1 (en) Chain of trust processing
US20070220594A1 (en) Software based Dynamic Key Generator for Multifactor Authentication
US20020056043A1 (en) Method and apparatus for securely transmitting and authenticating biometric data over a network
US20040010697A1 (en) Biometric authentication system and method
US20050097061A1 (en) Offline access in a document control system
US20060034494A1 (en) Personal identity data management
US7613929B2 (en) Method and system for biometric identification and authentication having an exception mode
US6981151B1 (en) Digital data storage systems, computers, and data verification methods
US20130198521A1 (en) Secure File Drawer and Safe
US7690032B1 (en) Method and system for confirming the identity of a user
US20090006860A1 (en) Generating multiple seals for electronic data
US20040193893A1 (en) Application-specific biometric templates
US20070271618A1 (en) Securing access to a service data object
US20050097441A1 (en) Distributed document version control

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GRIFFIN, PHILLIP H.;REEL/FRAME:022252/0346

Effective date: 20090212